forked from pool/cryptsetup
- new version 1.2.0
* Add selection of random/urandom number generator for luksFormat (option --use-random and --use-urandom). * Fix luksRemoveKey to not ask for remaining keyslot passphrase, only for removed one. * No longer support luksDelKey (replaced with luksKillSlot). * if you want to remove particular passphrase, use luksKeyRemove * if you want to remove particular keyslot, use luksKillSlot Note that in batch mode luksKillSlot allows removing of any keyslot without question, in normal mode requires passphrase or keyfile from other keyslot. * Default alignment for device (if not overridden by topology info) is now (multiple of) *1MiB*. This reflects trends in storage technologies and aligns to the same defaults for partitions and volume management. * Allow explicit UUID setting in luksFormat and allow change it later in luksUUID (--uuid parameter). * All commands using key file now allows limited read from keyfile using --keyfile-size and --new-keyfile-size parameters (in bytes). This change also disallows overloading of --key-size parameter which is now exclusively used for key size specification (in bits.) * luksFormat using pre-generated master key now properly allows using key file (only passphrase was allowed prior to this update). * Add --dump-master-key option for luksDump to perform volume (master) key dump. Note that printed information allows accessing device without passphrase so it must be stored encrypted. This operation is useful for simple Key Escrow function (volume key and encryption parameters printed on paper on safe place). This operation requires passphrase or key file. OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=58
This commit is contained in:
parent
c3b530b3ef
commit
83843b8936
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a
|
|
||||||
size 499276
|
|
@ -1,7 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1.4.10 (GNU/Linux)
|
|
||||||
|
|
||||||
iEYEABECAAYFAkwvQUAACgkQf1Jlc7shgi/UvgCfasORC/TsVH3svv5F/f2WEw+X
|
|
||||||
XXoAnRhz0xfzQT/xhhoZgg+Jv4sChd2C
|
|
||||||
=cWbV
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
cryptsetup-1.2.0.tar.bz2
Normal file
3
cryptsetup-1.2.0.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:411129817ff29e6a957bcbdcd9a2c4c953c1539acd8af912c383262ba901b5ea
|
||||||
|
size 523859
|
7
cryptsetup-1.2.0.tar.bz2.asc
Normal file
7
cryptsetup-1.2.0.tar.bz2.asc
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1.4.10 (GNU/Linux)
|
||||||
|
|
||||||
|
iEYEABECAAYFAk0PQJUACgkQf1Jlc7shgi93yQCfdC+Z1aMb8NdBC8Zx/R/P6d8x
|
||||||
|
0d4AoJPO28ny/LmCRa3mCrh155YW6rZT
|
||||||
|
=UGVC
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,89 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 20 13:01:54 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
- new version 1.2.0
|
||||||
|
* Add selection of random/urandom number generator for luksFormat
|
||||||
|
(option --use-random and --use-urandom).
|
||||||
|
|
||||||
|
* Fix luksRemoveKey to not ask for remaining keyslot passphrase,
|
||||||
|
only for removed one.
|
||||||
|
|
||||||
|
* No longer support luksDelKey (replaced with luksKillSlot).
|
||||||
|
* if you want to remove particular passphrase, use luksKeyRemove
|
||||||
|
* if you want to remove particular keyslot, use luksKillSlot
|
||||||
|
|
||||||
|
Note that in batch mode luksKillSlot allows removing of any keyslot
|
||||||
|
without question, in normal mode requires passphrase or keyfile from
|
||||||
|
other keyslot.
|
||||||
|
|
||||||
|
* Default alignment for device (if not overridden by topology info)
|
||||||
|
is now (multiple of) *1MiB*.
|
||||||
|
This reflects trends in storage technologies and aligns to the same
|
||||||
|
defaults for partitions and volume management.
|
||||||
|
|
||||||
|
* Allow explicit UUID setting in luksFormat and allow change it later
|
||||||
|
in luksUUID (--uuid parameter).
|
||||||
|
|
||||||
|
* All commands using key file now allows limited read from keyfile using
|
||||||
|
--keyfile-size and --new-keyfile-size parameters (in bytes).
|
||||||
|
|
||||||
|
This change also disallows overloading of --key-size parameter which
|
||||||
|
is now exclusively used for key size specification (in bits.)
|
||||||
|
|
||||||
|
* luksFormat using pre-generated master key now properly allows
|
||||||
|
using key file (only passphrase was allowed prior to this update).
|
||||||
|
|
||||||
|
* Add --dump-master-key option for luksDump to perform volume (master)
|
||||||
|
key dump. Note that printed information allows accessing device without
|
||||||
|
passphrase so it must be stored encrypted.
|
||||||
|
|
||||||
|
This operation is useful for simple Key Escrow function (volume key and
|
||||||
|
encryption parameters printed on paper on safe place).
|
||||||
|
|
||||||
|
This operation requires passphrase or key file.
|
||||||
|
|
||||||
|
* The reload command is no longer supported.
|
||||||
|
(Use dmsetup reload instead if needed. There is no real use for this
|
||||||
|
function except explicit data corruption:-)
|
||||||
|
|
||||||
|
* Cryptsetup now properly checks if underlying device is in use and
|
||||||
|
disallows *luksFormat*, luksOpen and create commands on open
|
||||||
|
(e.g. already mapped or mounted) device.
|
||||||
|
|
||||||
|
* Option --non-exclusive (already deprecated) is removed.
|
||||||
|
|
||||||
|
Libcryptsetup API additions:
|
||||||
|
|
||||||
|
* new functions
|
||||||
|
* crypt_get_type() - explicit query to crypt device context type
|
||||||
|
* crypt_resize() - new resize command using context
|
||||||
|
* crypt_keyslot_max() - helper to get number of supported keyslots
|
||||||
|
* crypt_get_active_device() - get active device info
|
||||||
|
* crypt_set/get_rng_type() - random/urandom RNG setting
|
||||||
|
* crypt_set_uuid() - explicit UUID change of existing device
|
||||||
|
* crypt_get_device_name() - get underlying device name
|
||||||
|
|
||||||
|
* Fix optional password callback handling.
|
||||||
|
|
||||||
|
* Allow to activate by internally cached volume key immediately after
|
||||||
|
crypt_format() without active slot (for temporary devices with
|
||||||
|
on-disk metadata)
|
||||||
|
|
||||||
|
* libcryptsetup is binary compatible with 1.1.x release and still
|
||||||
|
supports legacy API calls
|
||||||
|
|
||||||
|
* cryptsetup binary now uses only new API calls.
|
||||||
|
|
||||||
|
* Static compilation of both library (--enable-static) and cryptsetup
|
||||||
|
binary (--enable-static-cryptsetup) is now properly implemented by common
|
||||||
|
libtool logic.
|
||||||
|
|
||||||
|
Prior to this it produced miscompiled dynamic cryptsetup binary with
|
||||||
|
statically linked libcryptsetup.
|
||||||
|
|
||||||
|
The static binary is compiled as src/cryptsetup.static in parallel
|
||||||
|
with dynamic build if requested.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 30 14:16:07 UTC 2010 - lnussel@suse.de
|
Tue Nov 30 14:16:07 UTC 2010 - lnussel@suse.de
|
||||||
|
|
||||||
|
@ -29,8 +29,8 @@ BuildRequires: libselinux-devel pkgconfig
|
|||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System/Base
|
Group: System/Base
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Version: 1.1.3
|
Version: 1.2.0
|
||||||
Release: 3
|
Release: 1
|
||||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||||
Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2
|
Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2
|
||||||
Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2.asc
|
Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2.asc
|
||||||
@ -153,7 +153,7 @@ popd
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
# move devel stuff to %{libdir}
|
# move devel stuff to %%{libdir}
|
||||||
rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
|
rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_libdir}
|
mkdir -p $RPM_BUILD_ROOT%{_libdir}
|
||||||
ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
|
ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
|
||||||
@ -224,8 +224,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
%files -n libcryptsetup1
|
%files -n libcryptsetup1
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
/%_lib/libcryptsetup.so.1
|
/%_lib/libcryptsetup.so.1*
|
||||||
/%_lib/libcryptsetup.so.1.0.0
|
|
||||||
|
|
||||||
%files -n libcryptsetup-devel
|
%files -n libcryptsetup-devel
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
|
Loading…
Reference in New Issue
Block a user